ConstError when parsing reg-file
Realiserad opened this issue · comments
I exported some registry keys from my Windows VM using
reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration C:\ICA1.reg
Then I try to parse the file using regipy.
The error I get is:
> registry-dump ICA1.reg
Traceback (most recent call last):
File "/home/bastian/.local/bin/registry-dump", line 8, in <module>
sys.exit(hive_to_json())
File "/usr/lib/python3/dist-packages/click/core.py", line 1128, in __call__
return self.main(*args, **kwargs)
File "/usr/lib/python3/dist-packages/click/core.py", line 1053, in main
rv = self.invoke(ctx)
File "/usr/lib/python3/dist-packages/click/core.py", line 1395, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/lib/python3/dist-packages/click/core.py", line 754, in invoke
return __callback(*args, **kwargs)
File "/home/bastian/.local/lib/python3.10/site-packages/regipy/cli.py", line 52, in hive_to_json
registry_hive = RegistryHive(hive_path, hive_type=hive_type, partial_hive_path=partial_hive_path)
File "/home/bastian/.local/lib/python3.10/site-packages/regipy/registry.py", line 103, in __init__
self.header = REGF_HEADER.parse_stream(s)
File "/home/bastian/.local/lib/python3.10/site-packages/construct/core.py", line 300, in parse_stream
return self._parsereport(stream, context, "(parsing)")
File "/home/bastian/.local/lib/python3.10/site-packages/construct/core.py", line 312, in _parsereport
obj = self._parse(stream, context, path)
File "/home/bastian/.local/lib/python3.10/site-packages/construct/core.py", line 787, in _parse
return self.parsefunc(stream, context)
File "", line 103, in parseall
File "", line 31, in parse_struct_1
File "", line 21, in parse_const
construct.core.ConstError
Why is it failing? I take as this library cannot be used to read (text) reg-files created with regedit.
Using reg save HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration C:\ICA1.reg
works as expected.
I was not overly familiar with the difference between reg and dat. Perhaps add something to the documentation for dummies like me, or improve the error message?
Pardon the noise.